1 /*
2 * Copyright (c) 1999-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * appleCdsa.h - interface between SSL and CDSA
26 */
27
28 #ifndef _APPLE_CDSA_H_
29 #define _APPLE_CDSA_H_ 1
30
31 #include "ssl.h"
32 #include "sslPriv.h"
33 #include "sslContext.h"
34 #include <Security/cssmtype.h>
35
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39
/*
 * Populate a caller-supplied CSSM_KEY with a symmetric key.
 *
 * symKey     - key structure to fill in (caller-owned)
 * alg        - CSSM algorithm identifier for the key
 * keyUse     - intended use flags (CSSM_KEYUSE_ENCRYPT, etc.)
 * copyKey    - true: keyData is copied into symKey;
 *              false: symKey references keyData directly, so the caller
 *              must keep keyData alive (and unmodified) for as long as
 *              symKey is in use — confirm against the implementation
 * keyData    - raw key bytes
 * keyDataLen - length of keyData in bytes
 */
extern OSStatus sslSetUpSymmKey(
	CSSM_KEY_PTR symKey,
	CSSM_ALGORITHMS alg,
	CSSM_KEYUSE keyUse,			// CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_BOOL copyKey,			// true: copy keyData; false: set by reference
	uint8 *keyData,
	size_t keyDataLen);			// in bytes
47
/*
 * Release a key obtained from the given CSP.
 *
 * cspHand - CSP the key belongs to
 * key     - address of the key pointer to free; presumably cleared to
 *           NULL on return so a stale pointer cannot be reused — confirm
 * kcItem  - keychain item reference associated with the key, or an opaque
 *           pointer when ST_KC_KEYS_NEED_REF is not set
 */
extern OSStatus sslFreeKey(CSSM_CSP_HANDLE cspHand,
	CSSM_KEY_PTR *key,
#if ST_KC_KEYS_NEED_REF
	SecKeychainRef *kcItem);
#else /* !ST_KC_KEYS_NEED_REF */
	void *kcItem);
#endif /* ST_KC_KEYS_NEED_REF*/
55
/*
 * Attach the SSL context to the CDSA modules it uses: the CSP
 * (cryptographic service provider), the CL (certificate library) and
 * the TP (trust policy). attachToAll/detachFromAll presumably cover all
 * three at once; the handles are stored in ctx — confirm in sslContext.h.
 * Each returns an OSStatus; errSecSuccess/noErr on success.
 */
extern OSStatus attachToCsp(SSLContext *ctx);
extern OSStatus attachToCl(SSLContext *ctx);
extern OSStatus attachToTp(SSLContext *ctx);
extern OSStatus attachToAll(SSLContext *ctx);
extern OSStatus detachFromAll(SSLContext *ctx);
61
/*
 * CSSM_DATA helpers.
 *
 * stMallocCssmData - allocate a CSSM_DATA with a `size`-byte Data buffer;
 *                    returns NULL on allocation failure — confirm
 * stFreeCssmData   - free the Data buffer; when freeStruct is true the
 *                    CSSM_DATA structure itself is freed as well
 * stSetUpCssmData  - allocate a `length`-byte Data buffer inside an
 *                    existing CSSM_DATA and set its Length
 */
extern CSSM_DATA_PTR stMallocCssmData(size_t size);
extern void stFreeCssmData(CSSM_DATA_PTR data, CSSM_BOOL freeStruct);
extern OSStatus stSetUpCssmData(CSSM_DATA_PTR data, size_t length);
65
66
/*
 * Given a DER-encoded cert, obtain its public key as a CSSM_KEY_PTR.
 *
 * ctx     - SSL context (supplies the CL/CSP attachments)
 * derCert - DER-encoded certificate; untrusted input when it came from
 *           the peer, so the parser behind this must be robust
 * pubKey  - RETURNED: the certificate's public key; release with
 *           sslFreeKey using the returned cspHand — confirm
 * cspHand - RETURNED: CSP handle the key is bound to
 */
extern OSStatus sslPubKeyFromCert(
	SSLContext *ctx,
	const SSLBuffer *derCert,
	CSSM_KEY_PTR *pubKey,			// RETURNED
	CSSM_CSP_HANDLE *cspHand);		// RETURNED
75
/*
 * Verify a cert chain.
 *
 * ctx          - SSL context; trust settings presumably come from here
 * certChain    - linked chain to verify, leaf first — confirm ordering
 * arePeerCerts - presumably true when the chain was received from the
 *                peer (and so must be evaluated against trusted roots),
 *                false for our own identity chain — confirm
 *
 * Returns noErr only when the chain is acceptable; any other status must
 * be treated by callers as a verification failure, not just an error.
 */
extern OSStatus sslVerifyCertChain(
	SSLContext *ctx,
	const SSLCertificate *certChain,
	bool arePeerCerts);
83
/*
 * Raw RSA/DSA sign.
 *
 * privKeyRef  - signing key
 * plainText   - data to sign (already hashed/padded as the caller requires)
 * sig         - output buffer, mallocd by caller; RETURNED
 * sigLen      - capacity of sig in bytes (use sslGetMaxSigSize to size it)
 * actualBytes - RETURNED: number of signature bytes written to sig
 */
OSStatus sslRawSign(
	SSLContext *ctx,
	SecKeyRef privKeyRef,
	const UInt8 *plainText,
	size_t plainTextLen,
	UInt8 *sig,				// mallocd by caller; RETURNED
	size_t sigLen,				// available
	size_t *actualBytes);			// RETURNED
95
/*
 * Raw RSA/DSA verify.
 *
 * pubKey/cspHand - verification key and the CSP it is bound to
 * plainText      - data the signature is claimed to cover
 * sig/sigLen     - signature to check; sigLen is the length of sig, not
 *                  an "available" capacity (sig is an input here)
 *
 * Returns noErr only when the signature verifies; callers must treat any
 * other status as a failed verification.
 */
OSStatus sslRawVerify(
	SSLContext *ctx,
	const CSSM_KEY *pubKey,
	CSSM_CSP_HANDLE cspHand,
	const UInt8 *plainText,
	size_t plainTextLen,
	const UInt8 *sig,
	size_t sigLen);				// length of sig in bytes
104
/*
 * RSA encrypt with the given padding.
 *
 * pubKey/cspHand - encryption key and the CSP it is bound to
 * padding        - CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
 * plainText      - data to encrypt; must fit the key size minus padding
 *                  overhead, presumably checked by the implementation
 * cipherText     - output buffer, mallocd by caller; RETURNED
 * cipherTextLen  - capacity of cipherText in bytes
 * actualBytes    - RETURNED: number of bytes written to cipherText
 */
OSStatus sslRsaEncrypt(
	SSLContext *ctx,
	const CSSM_KEY *pubKey,
	CSSM_CSP_HANDLE cspHand,
	CSSM_PADDING padding,			// CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
	const UInt8 *plainText,
	size_t plainTextLen,
	UInt8 *cipherText,			// mallocd by caller; RETURNED
	size_t cipherTextLen,			// available
	size_t *actualBytes);			// RETURNED
/*
 * RSA decrypt with the given padding.
 *
 * privKeyRef   - decryption key
 * padding      - CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
 * cipherText   - data to decrypt (peer-supplied, untrusted)
 * plainText    - output buffer, mallocd by caller; RETURNED
 * plainTextLen - capacity of plainText in bytes
 * actualBytes  - RETURNED: number of bytes written to plainText
 *
 * NOTE(review): a PKCS#1 v1.5 padding failure is reported through the
 * returned status; TLS callers decrypting a premaster secret should not
 * let that failure alter their observable behaviour (timing, alert type)
 * relative to a successful decrypt — confirm in the caller.
 */
OSStatus sslRsaDecrypt(
	SSLContext *ctx,
	SecKeyRef privKeyRef,
	CSSM_PADDING padding,			// CSSM_PADDING_PKCS1, CSSM_PADDING_APPLE_SSLv2
	const UInt8 *cipherText,
	size_t cipherTextLen,
	UInt8 *plainText,			// mallocd by caller; RETURNED
	size_t plainTextLen,			// available
	size_t *actualBytes);			// RETURNED
127
/*
 * Obtain size of key in bytes.
 * Presumably derived from the key's LogicalKeySizeInBits header field,
 * rounded up to whole bytes — confirm.
 */
extern uint32 sslKeyLengthInBytes(
	const CSSM_KEY *key);
133
/*
 * Obtain max signature size in bytes for privKey.
 * maxSigSize is RETURNED; use it to size the sig buffer passed to
 * sslRawSign.
 */
extern OSStatus sslGetMaxSigSize(
	const CSSM_KEY *privKey,
	uint32 *maxSigSize);
138
/*
 * Get raw key bits from an RSA public key.
 *
 * modulus/exponent - RETURNED: the .data of each is mallocd here and
 *                    owned by the caller, who frees it (presumably via
 *                    the SSLBuffer free routine in ssl.h — confirm)
 */
OSStatus sslGetPubKeyBits(
	SSLContext *ctx,
	const CSSM_KEY *pubKey,
	CSSM_CSP_HANDLE cspHand,
	SSLBuffer *modulus,			// data mallocd and RETURNED
	SSLBuffer *exponent);			// data mallocd and RETURNED
148
/*
 * Given raw RSA key bits, cook up a CSSM_KEY_PTR. Used in
 * Server-initiated key exchange.
 *
 * modulus/exponent - raw RSA public key components; when they arrive
 *                    from the peer they are untrusted and the
 *                    implementation must bound-check them
 * pubKey           - RETURNED: mallocd key, released via sslFreeKey
 *                    with the returned cspHand — confirm
 * cspHand          - RETURNED: CSP handle the key is bound to
 */
OSStatus sslGetPubKeyFromBits(
	SSLContext *ctx,
	const SSLBuffer *modulus,
	const SSLBuffer *exponent,
	CSSM_KEY_PTR *pubKey,			// mallocd and RETURNED
	CSSM_CSP_HANDLE *cspHand);		// RETURNED
159
/*
 * Given a DER-encoded cert, obtain its DER-encoded subject name.
 * Returns a mallocd CSSM_DATA (NULL on failure), presumably to be
 * released with stFreeCssmData — confirm.
 */
CSSM_DATA_PTR sslGetCertSubjectName(
	SSLContext *ctx,
	const CSSM_DATA_PTR cert);
166
/*
 * Debug-only: check the given certs against the trusted roots.
 * Declared only in SSL_DEBUG builds; production code must not rely on it.
 */
#if SSL_DEBUG
void verifyTrustedRoots(SSLContext *ctx,
	CSSM_DATA_PTR certs,
	unsigned numCerts);
#endif
172
/*
 * Application memory callbacks handed to CDSA. allocRef is an opaque
 * per-registration pointer; the signatures match the CDSA memory-function
 * table (malloc/free/realloc/calloc with an AllocRef) — confirm where
 * they are registered.
 *
 * NOTE(review): stAppCalloc takes a uint32 count and a size_t size;
 * the implementation should reject num * size overflow before
 * allocating — TODO confirm.
 */
void * stAppMalloc (size_t size, void *allocRef);
void stAppFree (void *mem_ptr, void *allocRef);
void * stAppRealloc (void *ptr, size_t size, void *allocRef);
void * stAppCalloc (uint32 num, size_t size, void *allocRef);
177
/*
 * Client-side Diffie-Hellman key pair generation from explicit
 * parameters.
 *
 * prime/generator - DH group parameters; when they come from the server
 *                   they are untrusted and should be validated (size,
 *                   generator range) — confirm where that happens
 * publicKey/privateKey - RETURNED: caller-provided key structures
 *                   filled in here
 */
OSStatus sslDhGenKeyPairClient(
	SSLContext *ctx,
	const SSLBuffer *prime,
	const SSLBuffer *generator,
	CSSM_KEY_PTR publicKey,			// RETURNED
	CSSM_KEY_PTR privateKey);		// RETURNED
/*
 * Diffie-Hellman key pair generation from an encoded parameter blob.
 *
 * paramBlob     - encoded DH parameters (format not visible here)
 * keySizeInBits - requested key size
 * publicKey/privateKey - RETURNED: caller-provided key structures
 *                 filled in here
 */
OSStatus sslDhGenerateKeyPair(
	SSLContext *ctx,
	const SSLBuffer *paramBlob,
	uint32 keySizeInBits,
	CSSM_KEY_PTR publicKey,			// RETURNED
	CSSM_KEY_PTR privateKey);		// RETURNED
/*
 * Complete the Diffie-Hellman exchange and derive the shared secret.
 *
 * deriveSizeInBits - size of the derived secret to produce
 * exchanged        - RETURNED shared secret; presumably the peer's public
 *                    value is taken from ctx — confirm
 */
OSStatus sslDhKeyExchange(
	SSLContext *ctx,
	uint32 deriveSizeInBits,
	SSLBuffer *exchanged);
/*
 * Generate an ECDH key pair on the given named curve.
 * The resulting keys are presumably stored in ctx, since nothing is
 * returned through the parameters — confirm.
 */
OSStatus sslEcdhGenerateKeyPair(
	SSLContext *ctx,
	SSL_ECDSA_NamedCurve namedCurve);
/*
 * Complete the ECDH exchange and derive the shared secret into
 * `exchanged` (RETURNED). Key material is presumably taken from ctx —
 * confirm.
 */
OSStatus sslEcdhKeyExchange(
	SSLContext *ctx,
	SSLBuffer *exchanged);
/*
 * Check that the negotiated cipher spec is usable with the identity and
 * configuration in ctx. A non-noErr return presumably aborts the
 * handshake — confirm in the caller.
 */
OSStatus sslVerifySelectedCipher(
	SSLContext *ctx,
	const SSLCipherSpec *selectedCipherSpec);
203
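/*
 * Convert between SSLBuffer and CSSM_DATA, which are after all identical
 * (the same length/pointer pair under different field names).
 * No mallocs, just copy the pointer and length.
 *
 * Wrapped in do { } while (0) so the macro behaves as a single statement:
 * a bare { } block followed by the caller's ';' breaks `if (x) MACRO(); else`
 * with a compile error.
 */
#define SSLBUF_TO_CSSM(sb, cd) do { \
	(cd)->Length = (sb)->length; \
	(cd)->Data = (sb)->data; \
} while (0)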
212
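/*
 * Copy a CSSM_DATA's length and data pointer into an SSLBuffer.
 * No mallocs; the SSLBuffer aliases the CSSM_DATA's memory.
 *
 * do { } while (0) makes the macro a single statement so it is safe in
 * an unbraced `if (x) MACRO(); else` (the original bare block plus the
 * caller's ';' would not compile there).
 */
#define CSSM_TO_SSLBUF(cd, sb) do { \
	(sb)->length = (cd)->Length; \
	(sb)->data = (cd)->Data; \
} while (0)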
217
218 #ifdef __cplusplus
219 }
220 #endif
221
222 #endif /* _APPLE_CDSA_H_ */